[lxc-devel] Nested namespaces

Riya Khanna riyakhanna1983 at gmail.com
Mon Sep 29 05:12:17 UTC 2014


Thanks!

Does this mean that the new namespaces will be subject to new cgroups quota (as defined by the new namespaces), or do the parent namespaces' cgroups apply to the child as well?

Thanks,
Riya 

> On Sep 28, 2014, at 11:24 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> 
>> On Sun, Sep 28, 2014 at 06:31:18PM -0500, riya khanna wrote:
>> Hi,
>> 
>> As I understand, the kernel currently supports six namespaces. Is it
>> possible for a process inside a container (running with different
>> namespaces - all six) to escape the container by unshare()'ing?
>> 
>> Would this be different for privileged/unprivileged containers?
>> 
>> Thanks,
>> Riya
> 
> It's certainly possible to unshare namespaces from within a container
> but that's a feature, not an issue.
> 
> So you can't "escape" by unsharing, you can just get some new namespaces
> set up which are children of your current one.
> 
> -- 
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
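
The nesting described in the quoted reply can be observed directly. The following is an added example, not code from the thread or from LXC: a forked child calls `unshare(CLONE_NEWUSER)` and the parent asks the kernel for the parent of the child's new user namespace. It assumes Linux 4.9 or later (for `NS_GET_PARENT`), a mounted `/proc`, and unprivileged user namespaces being enabled; `child_userns_is_nested` and `ns_ino` are names made up for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/nsfs.h>   /* NS_GET_PARENT, Linux >= 4.9 */
#include <sched.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Inode number that identifies the namespace behind fd, or 0 on error. */
static ino_t ns_ino(int fd) {
    struct stat st;
    return (fd >= 0 && fstat(fd, &st) == 0) ? st.st_ino : 0;
}

/* 1: the child's new user namespace is a child of ours; 0: it is not;
 * -1: not testable here (no /proc, user namespaces disabled, old kernel). */
int child_userns_is_nested(void) {
    int ready[2], done[2], result = -1;
    char ok = 0, path[64];
    if (pipe(ready) != 0 || pipe(done) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* stands in for the contained process */
        close(done[1]);
        ok = (unshare(CLONE_NEWUSER) == 0);
        if (write(ready[1], &ok, 1) != 1) _exit(1);
        _exit(read(done[0], &ok, 1) < 0);  /* block until the parent is done */
    }
    close(ready[1]);
    int self = open("/proc/self/ns/user", O_RDONLY);
    if (read(ready[0], &ok, 1) == 1 && ok && self >= 0) {
        snprintf(path, sizeof path, "/proc/%d/ns/user", (int)pid);
        int child = open(path, O_RDONLY);
        int parent = child >= 0 ? ioctl(child, NS_GET_PARENT) : -1;
        if (parent >= 0 && ns_ino(child) != ns_ino(self))   /* a new namespace... */
            result = (ns_ino(parent) == ns_ino(self));      /* ...whose parent is ours */
        if (parent >= 0) close(parent);
        if (child >= 0) close(child);
    }
    if (self >= 0) close(self);
    close(done[1]);                        /* EOF releases the child */
    waitpid(pid, NULL, 0);
    return result;
}

int main(void) { printf("nested: %d\n", child_userns_is_nested()); return 0; }
```

A result of 1 means the unshared namespace has a different inode from the caller's but reports the caller's namespace as its parent.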

